Client Model
The client model in Identety includes the following properties:
- id: Unique identifier for the client (auto-generated)
- name: Human-readable name of the client application
- type: Type of the client (public, private, or m2m)
- clientId: Public identifier for the client
- clientSecret: Secret used for authentication (private and m2m clients only)
- redirectUris: Allowed redirect URIs for the client
- scopes: Scopes that the client is allowed to request
- accessTokenLifetime: Lifetime of access tokens issued to the client
- refreshTokenLifetime: Lifetime of refresh tokens issued to the client
Client Types
Identety supports three types of clients:
- Public clients: Used for applications where the client secret cannot be kept confidential, such as single-page web apps (SPA) or mobile apps. Public clients are identified by their clientId only.
- Private clients: Used for server-side applications that can securely store the clientSecret. Private clients are authenticated using both clientId and clientSecret.
- Machine-to-machine (m2m) clients: Used for server-to-server communication without user interaction. M2M clients are also authenticated using clientId and clientSecret.
Why Clients are Needed
Clients play a crucial role in the OAuth and OIDC workflows:
- Access delegation: Clients allow users to grant limited access to their protected resources without sharing their credentials. This enables third-party applications to access APIs on behalf of users.
- Scope-based authorization: Clients specify the scopes they need, which represent permissions to access specific resources. This allows for fine-grained access control.
- Secure authentication: Client authentication ensures that only registered and authorized applications can request tokens and access protected resources.
- Token management: Clients are responsible for securely storing and managing the access and refresh tokens they receive from Identety.
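
The per-type authentication rules and the redirectUris and scopes allow-lists described above can be enforced as in the following added example, which is not Identety's own code. The checkRequest helper, the sample records, the exact-match rule for redirect URIs and the unknown_client and invalid_redirect_uri error names are assumptions made for illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// Constructed sample registrations using the property names from the client model.
const clients = [
  { id: 'c1', name: 'Dashboard SPA', type: 'public', clientId: 'spa-app',
    redirectUris: ['https://spa.example/callback'], scopes: ['openid', 'profile'] },
  { id: 'c2', name: 'Billing job', type: 'm2m', clientId: 'billing-job',
    clientSecret: 'constructed-secret-value', redirectUris: [],
    scopes: ['invoices:read'] },
];

// Compare secrets in constant time; hashing first yields equal-length buffers.
function secretsMatch(presented, stored) {
  const digest = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(digest(presented), digest(stored));
}

// Hypothetical helper: checks one request against the registered client record.
function checkRequest(store, req) {
  const client = store.find((c) => c.clientId === req.clientId);
  if (!client) return { ok: false, error: 'unknown_client' };

  // Public clients are identified by clientId only; private and m2m clients
  // must also present the matching clientSecret.
  if (client.type !== 'public') {
    if (typeof req.clientSecret !== 'string' ||
        !secretsMatch(req.clientSecret, client.clientSecret)) {
      return { ok: false, error: 'invalid_client' };
    }
  }

  // Assumption: a redirect URI, when present, must equal a registered one
  // exactly (no prefix or pattern matching).
  if (req.redirectUri !== undefined &&
      !client.redirectUris.includes(req.redirectUri)) {
    return { ok: false, error: 'invalid_redirect_uri' };
  }

  // Requested scopes must be a subset of the client's allowed scopes.
  const requested = req.scopes ?? [];
  const denied = requested.filter((s) => !client.scopes.includes(s));
  if (denied.length > 0) return { ok: false, error: 'invalid_scope', denied };

  return { ok: true, client: client.name, scopes: requested };
}
```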